Sharing of user buffer

Hi,
I wanted to share the user buffer with the Kernel Driver so that buffer pointer list is passed to the driver then buffers are being filled by user process and Kernel Driver is consuming them.
Input buffer parameter in the DeviceIoControl() function contains a number of pointers pointing to the user memory space. I wanted to store these pointers before replying back and later on access the memory pointed by them. (I can assume that User Memory is not freed.) How can I achieve this?
Whatever I know is that I can use the MDL to take the Kernel space virtual address for the user space virtual address, but will that procedure give me the memory pointed by the parameter received in the DeviceIoControl()? Do we have some functions that take user memory pointer and give the corresponding kernel memory pointer?

Regards,
Arvind.

You do realize that this is definitely not a safe way to do things, right?
Just because YOUR application doesn’t disobey the rules, doesn’t mean that
some malicious application will not figure out how to use these pointers
for something else than what you expect them to be used for.


Mats

xxxxx@lists.osr.com wrote on 01/06/2005 12:28:11 PM:

> Hi,
> I wanted to share the user buffer with the Kernel Driver so that
> buffer pointer list is passed to the driver then buffers are being
> filled by user process and Kernel Driver is consuming them.
> Input buffer parameter in the DeviceIoControl() function contains a
> number of pointers pointing to the user memory space. I wanted to
> store these pointers before replying back and later on access the
> memory pointed by them. (I can assume that User Memory is not
> freed.) How can I achieve this?
> Whatever I know is that I can use the MDL to take the Kernel space
> virtual address for the user space virtual address, but will that
> procedure give me the memory pointed by the parameter received in
> the DeviceIoControl()? Do we have some functions that take user
> memory pointer and give the corresponding kernel memory pointer?
>
> Regards,
> Arvind.

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256


What in the world makes you think you can assume the user mode addresses
won’t be freed? Kernel code can NEVER trust that a user-mode program is
going to do the right thing, since any other user-mode program could
also open the device.

Why do buffer filling rather than just sending I/O requests?

-p



Pend a lot of READ or IOCTL IRPs, they will be completed when the kernel part will fill them with the data. The usual way.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com



This can be done but members of this list may be shy about
instructing you as it is considered to be bad design in most cases and
system compromising if not done right. Most would advise that user
buffers be sent to the driver in the usual fashion, 1 per IRP, letting
the OS take care of mapping and locking stuff. I advise that you first
look into using the usual techniques before pursuing this approach.

However, I have done what you suggest (I have my reasons) and believe
that it can be done safely. But, the fact that you talk about trusting
user mode applications does not give confidence (is it acceptable to
blue screen every time your app crashes or is killed (in the brutal
fashion) from task manager?). If you are determined to use this approach
then check all documentation for the following functions:
IoAllocateMdl
MmProbeAndLockPages
MmGetSystemAddressForMdlSafe

Also read about exception handling and handling of IRP_MJ_CLOSE.

Know that this approach, while occasionally useful, is not a
shortcut. It requires careful programming and attention to details.

Robert Newton
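
The replies above all turn on the driver not trusting the pointer list it receives. The following is an added example, not code from any poster in this thread: a portable user-mode C model of the capture-and-validate step a driver would run on such a list before handing each range to IoAllocateMdl and MmProbeAndLockPages. The layout (`buf_desc`, `buf_list`), the limits, `USER_VA_LIMIT` and the helper `check_sample` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical IOCTL input layout; the thread does not define one. */
typedef struct { uint64_t addr; uint32_t len; uint32_t reserved; } buf_desc;
typedef struct { uint32_t count; uint32_t reserved; buf_desc desc[1]; } buf_list;

#define MAX_DESCS     16u                    /* assumed driver policy */
#define MAX_DESC_LEN  (1u << 20)             /* assumed 1 MiB cap per buffer */
#define USER_VA_LIMIT 0x00007FFFFFFF0000ull  /* constructed stand-in for the top of user space */

enum { LIST_OK, LIST_TOO_SHORT, LIST_BAD_COUNT, LIST_BAD_RANGE };

/* Copy the descriptors out of the request once, then validate only the copy.
 * Every range that passes would still go through IoAllocateMdl and
 * MmProbeAndLockPages (inside try/except) before the driver touches it. */
int capture_buf_list(const void *in, size_t in_len,
                     buf_desc out[MAX_DESCS], uint32_t *out_count)
{
    const size_t hdr = offsetof(buf_list, desc);
    uint32_t count, i;

    if (in == NULL || in_len < hdr) return LIST_TOO_SHORT;
    memcpy(&count, in, sizeof count);                 /* single fetch of the count */
    if (count == 0 || count > MAX_DESCS) return LIST_BAD_COUNT;
    if ((in_len - hdr) / sizeof(buf_desc) < count) return LIST_TOO_SHORT;
    memcpy(out, (const uint8_t *)in + hdr, count * sizeof(buf_desc));

    for (i = 0; i < count; i++) {
        uint64_t a = out[i].addr, n = out[i].len;
        if (n == 0 || n > MAX_DESC_LEN) return LIST_BAD_RANGE;
        /* reject NULL, kernel addresses and ranges that cross the limit */
        if (a == 0 || a >= USER_VA_LIMIT || n > USER_VA_LIMIT - a) return LIST_BAD_RANGE;
    }
    *out_count = count;
    return LIST_OK;
}

/* Constructed sample: a request claiming `count` entries with one descriptor present. */
int check_sample(uint32_t count, uint64_t addr, uint32_t len)
{
    buf_list req = { count, 0, { { addr, len, 0 } } };
    buf_desc copy[MAX_DESCS];
    uint32_t n = 0;
    return capture_buf_list(&req, sizeof req, copy, &n);
}
```

Passing these checks only means a range is worth probing; the pages can still be freed or unmapped by the process, which is why the locking call has to sit inside an exception handler and the MDLs have to be released when the handle is closed.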